Cloud computing and other emerging
technology exposures exacerbate the
challenge of insuring and managing
information security and privacy risks
By John W. De Witt
Technology and information system innovations continue
their relentless pace — putting cyber risk, data security,
privacy, and related issues at the top of the 2012 concerns
list for insurers, risk managers, chief information officers, and
others who must grapple with the disruption and emerging
risks created by each new entry to the technology
marketplace. One of the most significant technology
arrivals — not brand new, but exploding into an estimated
$150 billion market by next year — is now ubiquitously
referred to as “the cloud.”
The metaphor of “the cloud” sounds mysterious, but it
simply means that users increasingly are storing data off-site,
accessing remotely hosted software applications, and relying
on information technology infrastructure that is no longer on
their physical premises. Instead, data, applications, and
systems are “somewhere out there” (frequently, many places
out there) and are accessed via the Internet from end users’
businesses, homes, and mobile devices.
Everyone is in the cloud now — or at least
impacted by it.
“Your company eventually will be interacting with someone
in the cloud, whether or not you choose to go there,”
according to Hemanshu Nigam, founder of technology
security advisory firm SSP Blue. “You used to be protected if
you were in a ‘small pond,’ but now thanks to the Internet
and the cloud, your small pond is connected to other ponds
large, small, and in between, located all around the world.”
Nigam — a former federal cybercrime prosecutor and
advisor to the White House on cyber stalking, who has held
top information security positions at News Corporation,
Microsoft, and the Motion Picture Association of America —
recently joined three other experts from Zurich for an
in-depth PropertyCasualty360.com web seminar on the cloud
and other current cyber risks. Through their presentations
and answers to audience questions, Nigam and the other
panelists explored a range of cyber- and information-related
challenges and how to address them, including:
• The latest developments in cyber risk and how to gauge
exposure—qualitatively and quantitatively
• How insurers and risk management experts are
responding to an ever-changing risk landscape that
impacts all technology users
• Practical and cost-effective approaches to manage and
insure risk, including typical policy coverage and how to
identify the elements that warrant coverage
The Ubiquity of Cybercrime and Information
Security Risks
Nigam kicked off the discussion with sobering statistics on
cybercrime: “Every day there are twice as many cybercrime
victims as newborn babies,” he said, adding that one in four
Internet users (245 million in the U.S. alone) is a cybercrime
victim. Businesses lose more than $130 billion annually —
and are spending in the U.S. more than $75 billion a year on
IT security. He then put this in the context of the cloud —
used by one in every three business organizations in the U.S.
today, and growing almost exponentially.
The good news is that “with everyone getting into the
cloud, the risks can be identified and addressed,” Nigam
continued, citing reliability, information security and data
breaches, bandwidth costs, and vendor lock-in as key
“With everyone getting into the cloud, the risks can be identified and addressed.” Hemanshu Nigam Former federal cybercrime prosecutor
